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- The MAILING DATE of this communication appears on the cover sheet with the c rrespondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 18 October 2004 . 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 1,2,4-6.8-11.15-18 and 20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) IEI Claim(s) 1.2,4-6.8-11.15-18 and 20 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 D Certified copies of the priority documents have been received. 

2.0 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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1 ) ^ Notice of References Cited (PTO-892) 4) Q Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5 ) D Notice of Informal Patent Application (PTO-152) 

Paper No(s)/Mail Date . 6) O Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 1 10804 



Application/Control Number: 09/987,418 Page 2 

Art Unit: 2142 

1. Amended claims 1,4,5,8,15-18,19 and new claim 20 are pending. 

2. Claims 3,7,12-14and 19 are canceled. Claims 1,4,5,8,15-18 have been 
amended. Thus the Final rejection is appropriate. 

3. Applicant's arguments, see pages 8-10 filed 10/18/04, with respect to the 
rejection(s)of claim(s) 1-19 under Davis-Dustan are been fully considered and are 
persuasive. Davis-Dustan did not teach the predetermined elements includes an 
element allocated for representing a purpose of operation to be operated by the holder 
of the personal certificate . Therefore, the rejection has been withdrawn. However, upon 
further consideration, a new ground(s) of rejection is made in view of Davis-Richard. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-2,4,8-11,15-18,20 are rejected under 35 U.S.C. § 103 as being unpatentable 

over Davis et al [Davis 6,088,805] in view of Richard et al [Richard 5,922,074]. 

4. As per claim 4, Davis discloses an apparatus for processing a subject name 
included in a personal certificate, comprising: 

a part that receives a personal certificate [Davis, user identity, user certification, 
col 6 lines 9-46]; 
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a part that extracts a predetermined element in a hierarchy of a subject name 
(i.e.: a selected data) included in the received personal certificate [Davis, filtering the 
selected data, col 9 lines 40-56]; and 

a part that determines an access right based on a value of the predetermined 
element [Davis, access rights granted based upon the issuing CA, col 7 lines 45-53; 
predefined filter rules, col 8 lines 54-63]. 

However Davis does not detail the predetermined elements includes an element 
allocated for representing a purpose of operation (i.e.: a subject name) to be operated 
by the holder of the personal certificate. 

Richard discloses a server determines the access rights to grant to a client 
[Richard, the access rights to grant to a client, col 2 lines 30-39] and a method to verify 
a certificate includes a validity field and subject field specifies the name of the party 
who holds the certificate [Richard, subject field specifies the name of the party who 
holds the certificate, col 7 lines 24-48] 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to incorporate the subject name as an element to 
determine the access right to the client as taught by Richard into the Davis apparatus in 
order to improve the security services within a network. Doing so would provide a 
greater control access to server resources. 
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5. As per claim 1 , Davis-Richard disclose an apparatus (or web server) for 
processing a subject name included in a personal certificate [Davis, Web server, col 4 
lines 29-64], comprising: 

a part that receives a personal certificate (i.e.: personal ID) [Davis, user identity, 
user certification, col 6 lines 9-46]; 

a part that verifies the received personal certificate based on a digital signature 
technique [Davis, verify the digital signature of the holder, col 5 lines 42-55]; 

a part that extracts at least one of predetermined elements in a hierarchy of a 
subject name included in the received personal certificate [Davis, filtering the selected 
data, col 9 lines 40-56]; and 

a part that determines an access right of holder of the personal certificate based 
on a value of the at least tine predetermined element (i.e.: predefined filter rules) when 
the personal certificate is successfully verified [Davis, access rights granted based upon 
the issuing CA, col 7 lines 45-53; predefined filter rules, col 8 lines 54-63]. 

wherein the predetermined elements includes an element allocated for 
representing a purpose of operation to be operated by the holder of the personal 
certificate [Richard, subject field specifies the name of the party who holds the 
certificate, col 7lines 24-48]. 

6. As per claim 2, Davis-Richard disclose the at least one of the predetermined 
elements is an organizational unit name of a predetermined hierarchy of the subject 
name [Davis, organization name, sub-fields, col 7 lines 12-30; col 9 lines 1-10]. 
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7. Claims 1 5,17 contain the similar limitations set forth of apparatus claim 1 . 
Therefore, claims 15,17 are rejected for the similar rationale set forth in claim 1 . 

8. As per claim 8, Davis-Richard disclose an apparatus for processing a subject 
name included in a personal certificate, which receives a personal certificate in which a 
predetermined element of a subject name represents an organization to which a holder 
of the certificate belongs and an attribute other than a personal ID so as to process the 
subject name, the apparatus comprising: 

a part that receives the personal certificate [Davis, user identity, user certification, 
col 6 lines 9-46]; 

a part that extracts a predetermined element in a hierarchy of a subject name 
included in the received personal certificate [Davis, filtering the selected data, col 9 lines 
40-56]; and 

a part that determines an access right at least based on an organization to which 
a holder belongs and an attribute other than a personal ID represented by a value of the 
predetermined element [Davis, access rights granted based upon the issuing CA, col 7 
lines 45-53; predefined filter rules, col 8 lines 54-63]. 

wherein the predetermined elements in a hierarchy of the subject name 
represents a purpose of operation to be operated by the holder of the personal 
certificate [Richard, subject field specifies the name of the party who holds the 
certificate, col 7lines 24-48]. 
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9. As per claim 9, Davis-Richard disclose the organizational unit name of a 
predetermined hierarchy of the subject name represents that the holder of the certificate 
is not a member of an organization represented by the organization name and that the 
holder cooperates with the organization [Davis, organization name, sub-fields, col 7 
lines 12-30; col 9 lines 1-10]. 

10. As per claim 10, Davis discloses the organizational unit name of a predetermined 
hierarchy of the subject name represents a project name in which the holder takes part. 

11. As per claim 1 1 , Davis-Richard disclose the organizational unit name of a 
predetermined hierarchy of the subject name represents a cooperating organization 
name which cooperates with an organization represented by the organization name and 
to which the holder belongs [Davis, organization name, sub-fields, col 7 lines 12-30; col 
9 lines 1-10]. 

12. Claims 16,18 contain the similar limitations set forth of apparatus claim 8. 
Therefore, claims 16,18 are rejected for the similar rationale set forth in claim 8. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

13. Claims 5-6 are rejected under 35 U.S.C. § 103 as being unpatentable over Davis 
et al [Davis 6,088,805] in view of Richard et al [Richard 5,922,074] and further in view of 
Dustan et al [Dustan 5,884,312]. 

14. As per claim 5, Davis discloses a web server computer system comprising: 

a part that receives a personal certificate [Davis, user identity, user certification, 
col 6 lines 9-46]; 

a part that verifies the received personal certificate based on a digital signature 
technique [Davis, verify the digital signature, col 5 lines 42-55]; 

a part that extracts at least one of predet4rmined elements in a hierarchy of a 
subject name included in the received personal certificate [Davis, filtering the selected 
data, col 9 lines 40-56]; 

a part that determines an access right of a holder of the personal certificate 
based on a value of the at least one predetermined element when the received personal 
certificate is successfully verified [Davis, access rights granted based upon the issuing 
CA, col 7 lines 45-53; predefined filter rules, col 8 lines 54-63]; and 

wherein the predetermined elements includes an element allocated for 
representing a purpose of operation (i.e.: a subject name) to be operated by the holder 
of the personal certificate [Richard, subject field specifies the name of the party who 
holds the certificate, col 7lines 24-48] 

However Davis does not details 



Application/Control Number: 09/987,418 



Page 8 



Art Unit: 2142 

a part that allocates a session identifier when the received personal certificate is 
successfully verified; and a part that stores the determined access right associated with 
the session identifier. 

It was well-known in the art that a session identifier used to compared to a user 
access right to determine a personal access [Dustan, the session ID and rights to 
execute the function, col 18 lines 54-65]. 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to incorporate the technique of determine the access 
right associated with the session identifier as taught by Dustan into the Davis-Richard 
apparatus in order to utilize the user identification or digital signature. Doing so would 
provide a security feature of allowing permissions and rights to be assigned to individual 
users or groups of users to limit access to certain data sources. 



1 5. As per claim 6, Davis-Richard-Dustan disclose the at least one of the 
predetermined elements is an organizational unit name of a predetermined hierarchy of 
the subject name [Davis, organization name, sub-fields, col 7 lines 12-30; col 9 lines 1- 
10]. 



16. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to examiner Thong Vu, whose telephone number is (571 )- 
272-3904. The examiner can normally be reached on Monday-Thursday from 8:00AM- 
4:30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jack Harvey, can be reached at (571) 272-3896. The fax number for the 
organization where this application or proceeding is assigned is 703-872-9306 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval IPAIRI system. Status information for published 
applications may be obtained from either Private PMR or Public PMR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Thong Vu 
Patent Examiner 
Art Unit 2142 
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